New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices
Essential information
- Published: 07/11/2025 18:07
- Modified: 07/11/2025 21:35
- Tags: 2025-11-07, CVE-2025-21042, CVE-2025-21043, CVE-2025-43300, CVE-2025-55177, android, commercial-grade, dng, landfall, samsung, spyware, whatsapp, zero-day
- Related entities: 18 observables, 5 others
Description
Unit 42 researchers have uncovered LANDFALL, a previously unknown Android spyware family targeting Samsung Galaxy devices. The spyware exploits CVE-2025-21042, a zero-day vulnerability in Samsung's image processing library, to deliver commercial-grade surveillance capabilities. LANDFALL is embedded in malicious DNG image files, likely distributed via WhatsApp, and enables comprehensive monitoring including microphone recording, location tracking, and data collection. The campaign shares infrastructure with known commercial spyware operations in the Middle East. The vulnerability has been patched, but the exploit chain remained active and undetected for months before discovery.